Posted by Soulskill on Wednesday February 05, 2014 @12:09AM from the browser-wars-go-mobile dept.

Peter Eckersley writes "Over at EFF, we just released a version of our HTTPS Everywhere extension for Firefox for Android. HTTPS Everywhere upgrades your insecure web requests to HTTPS on many thousands of sites, and this means that Firefox on Android with HTTPS Everywhere is now by far the most secure browser against dragnet surveillance attacks like those performed by the NSA, GCHQ, and other intelligence agencies. Android users should install the Firefox app and then add HTTPS Everywhere to it. iPhone and iPad users will unfortunately have to switch to Android to get this level of security because Apple has locked Mozilla Firefox out of their platforms."

It's a bit like automatic collision avoidance braking systems that are starting to appear on cars these days: you might say it's a huge crutch for people who are too lazy to drive properly and maintain distances, but you know what? It's a good idea, and I'd like to have it nonetheless, in case my concentration lapses.

Nonsense. If you're browsing the web and following a bunch of links, you would have to long press the link to copy it, long press to paste it in the url bar, edit the url to add the S (this is mobile, so moving the cursor directly between the "p" and the ":" is non-trivial), and hit enter... for every link you follow.

You can't just click the link and edit the url after the page loaded because you've already given away the url path, url query, cookies, referrer, etc to anyone snooping your connection. And what if a site doesn't support https and instead redirects you to its http variant? For some people they'd rather it fail to load than load insecurely. There are many reasons to use such an extension.

'Secure' isn't really something where you can just boil it into a number between 1 and 100 and call it a day. If you are worried about attackers sniffing the wire, a plugin that enforces SSL use is a major advantage. If you are worried about being hit with a zero day by the guy on the other end of the wire, it's entirely irrelevant.

The NSA likely has keys from all the major SSL cert vendors, rendering this "spamvertisement" moot. HTTPS does not mean that you're secure from everybody. It means you've added a layer of security that will thwart MOST prying eyes, but those that really want to know what you're doing WILL know what you're doing.

> this means that Firefox on Android with HTTPS Everywhere is now by far the most secure browser
> against dragnet surveillance attacks like those performed by the NSA, GCHQ, and other intelligence agencies.

While I certainly think it is a good idea to encrypt traffic, this statement is highly misleading or naive: Since the CA system is *flawed by design* and every one of those "authorities" in the long list of built-in CA inside your browser can, by negligence or choice, supply any of these and other agencies with a valid certificate for *any hostname in the world*, initiatives like these protect your privacy only from your local sysadmin/ISP, and also do nothing against traffic analysis.

Should a US person/company trust that "China Internet Network Information Center" isn't going to create a cert for a US bank or company to perform a MITM attack with? Should a Chinese company trust "Wells Fargo" not to? Should the Greeks trust "TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007", or the Turks "Hellenic Academic and Research Institutions Cert. Authority"? What on earth makes you think ALL of these companies can resist pressures to misbehave? Yet all of them are built-in to your browser and "you" trust them.

Just go to any (Cloudflare, Akamai..)-accelerated site using https and check out the certificate used to see how that works: They are issued certificates for the customer domains they accelerate, and hence have access to all the traffic. In essence, they do exactly what a man-in-the-middle attack would do, except on a much grander scale (and with the collusion of the actual domain holders). The agencies can carry out such attacks from within the ISPs, and your browser would still show "green".

The Cert validation in the browsers leads to a *dangerous false sense of security* at most. This is crypto, a weakest-link business if ever there was one, folks. It's not ALL, or SOME that need to fail in order for PKI to fail, it's ANY of them.

Surely, we can do better than that: We should get rid of all centralised security illusions. Why aren't we signing contents using our PGP keys that at least make multiple signers possible and habitual, and, and this is the essential difference, IMHO: That *you* have made a conscious decision to trust or mistrust, to a certain degree, by reviewing a web of trust, as in informed consent as opposed to blind paternalism of massively built-in, pretrusted certificates by distant companies you really have no clue about.

According to the web-site you can get the plug-in for Chrome as well. Albeit beta, but still. And if that's the case, you can just install Chrome on your Apple device, it's in the iTunes store, and install the plugin for it instead.

I loathe to say this but, HTTPS Everywhere is security theater. It makes your browser have a green icon where it otherwise might not but, that green icon is just an illusion of security. Considering recent revelations about the NSA, I would assume all SSL certificates are compromised. Like, literally, all of them. If the trust chain has been compromised by one party (the NSA), I would assume it compromised by all parties.

So basically all this does is to force HTTPS requests instead of HTTP? (took me a while to find out - gotta love the fact that the "clever technology" link on their site, instead of going to a description of the actual technology, goes to... xkcd?!:) )

I see a few problems with this approach:
1) Not all content is provided over both HTTP and HTTPS. For multiple reasons, one being performance. Which leads us to the second problem...
2) An HTTPS session incurs a significant overhead for encryption. Which may be no problem for someone like Google. But for someone hosting his/her own (moderately successful) website on a small server, it might just overload said server.
3) Quite possibly the biggest problem with HTTPS is the fact that users have been trained over many years to just click "accept/install certificate" on self-signed certs. Not knowing that if you do this you are no longer secure.

And the more we keep forcing HTTPS, the more webmasters will use self-signed certs. Not many people want to go through the hassle of obtaining (and maintaining!) a valid SSL certificate for every single website they run, even if that cert is free. Which will only exacerbate the problem...

> this means that Firefox on Android with HTTPS Everywhere is now by far the most secure browser
> against dragnet surveillance attacks like those performed by the NSA, GCHQ, and other intelligence agencies.

While I certainly think it is a good idea to encrypt traffic, this statement is highly misleading or naive: Since the CA
system is *flawed by design* and every one of those "authorities" in the long list of built-in CA inside
your browser can, by negligence or choice, supply any of these and other agencies with a valid certificate for
*any hostname in the world*, initiatives like these protect your privacy only from your local sysadmin/ISP, and also
do nothing against traffic analysis.

Should a US person/company trust that "China Internet Network Information Center" isn't going to create a cert for a
US bank or company to perform a MITM attack with? Should a Chinese company trust "Wells Fargo" not to?
Should the Greeks trust "TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007", or the
Turks "Hellenic Academic and Research Institutions Cert. Authority"? What on earth makes you think ALL of these
companies can resist pressures to misbehave? Yet all of them are built-in to your browser and "you" trust them.

[..]

The Cert validation in the browsers leads to a *dangerous false sense of security* at most. This is crypto, a weakest-link business
[..]

You suggest that MITM attacks on SSL are as bad as someone sniffing on unencrypted traffic. It is not! MITM attacks are active attacks and are much more invasive to carry out. That's not all: in principle all these MITM attacks can be detected: the host key of the Man In The Middle will differ from the host key of the original server (though your browser will accept the differing host key when it is signed by a rogue CA).

It is pretty dangerous for an adversary to carry out MITM attacks on a large scale, as sooner or later, this is going to be detected. The SSL Everywhere extension for example can (optionally) collect information for and check with the SSL Observatory [eff.org] to detect differing certificates that indicate MITM attacks.

There's also the Certificate Patrol [mozilla.org] Firefox Extension that persistently remembers certificates and warns when certificates changed for no apparent reason.

Even if all certificates are compromised they are still worth using. Instead of passively collecting all that data the NSA/GCHQ has to perform a man-in-the-middle attack using a server that is geographically closer to you than the one they are spoofing. It costs them more time and money, limits their ability to spy on everyone all the time and requires them to maintain those servers. MITM attacks can be detected too, and in fact Chrome has made some progress on that with pinned certificates. I think there is a Firefox plugin that does something similar.

There are real and measurable benefits to using HTTPS, it's not just theatre.

You suggest that MITM attacks on SSL are as bad as someone sniffing on unencrypted traffic. It is not! MITM attacks are active attacks and are much more invasive to carry out.

Is "false security" better or worse than "no security"?

I really don't understand why everybody tries to reduce these encryption problems to the "false security" vs. "no security" dichotomy. No, this is not about false security. This is about security against undetectable passive attackers vs. detectable active attackers. The amount of data a detectable active attacker is able to collect about my person is many orders of magnitude smaller than the amount of data a passive attacker is able to obtain. The active attacker will also only be able to obtain data from the point of time I was chosen as a target. The passive attacker will be able to go back in time and look at my communication (probably many years) before I became interesting enough to be deemed a target.

This is why implementing SSL, even if no protection at all against MITM existed, is much much better than no SSL at all.

I loathe to say this but, HTTPS Everywhere is security theater. It makes your browser have a green icon where it otherwise might not but, that green icon is just an illusion of security. Considering recent revelations about the NSA, I would assume all SSL certificates are compromised. Like, literally, all of them. If the trust chain has been compromised by one party (the NSA), I would assume it compromised by all parties.

While this is true, chances are SSL certificates still work well enough to keep the other nerd at the coffee shop from stealing your WoW forum account credentials.

No single person, ever, anywhere, has been able to single-handedly defend themselves from the government of the place they reside. If the Government wants the account, they'll get it through twisting laws and sending the cops, not by snooping on it.